Public IP prefix

A public IP prefix is a reserved range of IP addresses for your public endpoints in Azure. Azure allocates a contiguous range of addresses to your subscription based on how many you specify. If you're not familiar with public addresses, see Public IP addresses.

Public IP addresses are assigned from a pool of addresses in each Azure region. You can download the list of ranges Azure uses for each region. For example, 40.72.128.0/18 is one of over 100 ranges Azure uses in the China East region. The range includes the usable addresses of 40.72.128.1 - 40.72.191.254.

You create a public IP prefix in an Azure region and subscription by specifying a name and how many addresses you want the prefix to include. For example, if you create a public IP prefix of /28, Azure allocates 16 addresses from one of its ranges for you. You don't know which range Azure will assign until you create the range, but the addresses are contiguous. Public IP prefixes have a fee. For details, see public IP address pricing.

Why create a public IP prefix?

When you create public IP address resources, Azure assigns an available public IP address from any of the ranges used in the region. Once Azure assigns the address, you know what the address is, but until Azure assigns the address, you don't know what address might be assigned. This can be problematic when, for example, you or your business partners set up firewall rules that allow specific IP addresses. Each time you assign a new public IP address to a resource, the address has to be added to the firewall rule. When you assign addresses to your resources from a public IP prefix, firewall rules don't need to be updated each time you assign one of the addresses, because the whole range could be added to a rule.

Benefits

  • You can create public IP address resources from a known range.
  • You or your business partners can create firewall rules with ranges that include public IP addresses you've currently assigned, as well as addresses you haven't assigned yet. This eliminates the need to change firewall rules as you assign IP addresses to new resources.
  • The default size of a range you can create is /28 or 16 IP addresses.
  • There are no limits as to how many ranges you can create; however, there are limits on the maximum number of static public IP addresses you can have in an Azure subscription. As a result, the number of ranges you create can't encompass more static public IP addresses than you can have in your subscription. For more information, see Azure limits.
  • The addresses that you create using addresses from the prefix can be assigned to any Azure resource that you can assign a public IP address to.
  • You can easily see which IP addresses are allocated and which are not yet allocated within the range.
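
The firewall-rule reasoning above, as an added example that is not part of the original documentation: the function compares an allowlist with a prefix and reports assigned addresses no rule covers, per-address rules that a range rule makes redundant, and addresses in the range not yet assigned. The prefix 203.0.113.0/28, the assigned addresses, the rule lists and the helper name are constructed for illustration.

```python
import ipaddress

# Constructed sample data (documentation address ranges, not real Azure allocations).
PREFIX = "203.0.113.0/28"
ASSIGNED = ["203.0.113.1", "203.0.113.2", "198.51.100.7"]
PER_IP_RULES = ["203.0.113.1/32", "198.51.100.7/32"]   # one rule per address
RANGE_RULES = ["203.0.113.0/28"] + PER_IP_RULES        # whole prefix in one rule


def audit_allowlist(prefix, assigned_ips, firewall_rules):
    """Compare firewall allowlist entries with a public IP prefix (hypothetical helper)."""
    net = ipaddress.ip_network(prefix)
    assigned = sorted(ipaddress.ip_address(ip) for ip in assigned_ips)
    rules = [ipaddress.ip_network(r, strict=False) for r in firewall_rules]

    # True when some rule covers the entire prefix.
    prefix_rule = any(net.subnet_of(r) for r in rules)
    return {
        "prefix_size": net.num_addresses,
        "prefix_rule_present": prefix_rule,
        # Assigned addresses that no rule allows: their traffic would be rejected.
        "assigned_not_allowed": [str(ip) for ip in assigned
                                 if not any(ip in r for r in rules)],
        # Assigned addresses that did not come from the prefix.
        "assigned_outside_prefix": [str(ip) for ip in assigned if ip not in net],
        # Narrower rules inside the prefix that the range rule already covers.
        "redundant_rules": [str(r) for r in rules
                            if prefix_rule and r != net and r.subnet_of(net)],
        # Every address of the prefix counts (a /28 yields 16), so iterate the
        # whole network rather than net.hosts().
        "unallocated_in_prefix": [str(ip) for ip in net if ip not in assigned],
    }


if __name__ == "__main__":
    for name, rules in (("per-IP rules", PER_IP_RULES), ("range rule", RANGE_RULES)):
        print(name, audit_allowlist(PREFIX, ASSIGNED, rules))
```

With per-address rules, the newly assigned 203.0.113.2 is missing from the allowlist until someone adds it; with the range rule it is covered at assignment time, and the existing /32 entry inside the prefix can be retired.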

Scenarios

You can associate the following resources to a static public IP address from a prefix:

| Resource | Scenario | Steps |
|---|---|---|
| Virtual Machines | Associating public IPs from a prefix to your virtual machines in Azure reduces management overhead when it comes to whitelisting IPs in a firewall. You can simply whitelist an entire prefix with a single firewall rule. As you scale with virtual machines in Azure, you can associate IPs from the same prefix, saving cost, time, and management overhead. | To associate IPs from a prefix to your virtual machine: 1. Create a prefix. 2. Create an IP from the prefix. 3. Associate the IP to your virtual machine's network interface. You can also associate the IPs to a Virtual Machine Scale Set. |
| Standard Load Balancers | Associating public IPs from a prefix to your frontend IP configuration or outbound rule of a Load Balancer ensures simplification of your Azure public IP address space. You can simplify your scenario by grooming outbound connections to be originated from a range of contiguous IP addresses defined by public IP prefix. | To associate IPs from a prefix to your Load Balancer: 1. Create a prefix. 2. Create an IP from the prefix. 3. When creating the Load Balancer, select or update the IP created in step 2 above as the frontend IP of your Load Balancer. |
| Azure Firewall | You can use a public IP from a prefix for outbound SNAT. This means all outbound virtual network traffic is translated to the Azure Firewall public IP. Since this IP comes from a predetermined prefix, it is very easy to know ahead of time what your public IP footprint in Azure will look like. | 1. Create a prefix. 2. Create an IP from the prefix. 3. When you deploy the Azure Firewall, be sure to select the IP you previously allocated from the prefix. |
| Application Gateway v2 | You can use a public IP from a prefix for your autoscaling and zone-redundant Application Gateway v2. Since this IP comes from a predetermined prefix, it is very easy to know ahead of time what your public IP footprint in Azure will look like. | 1. Create a prefix. 2. Create an IP from the prefix. 3. When you deploy the Application Gateway, be sure to select the IP you previously allocated from the prefix. |

Constraints

  • You can't specify the IP addresses for the prefix. Azure allocates the IP addresses for the prefix, based on the size that you specify.
  • You can create a prefix of up to 16 IP addresses or a /28 by default. Review Network limits increase requests and Azure limits for more information.
  • You can't change the range once you've created the prefix.
  • Only static public IP addresses created with the Standard SKU can be assigned from the prefix's range. To learn more about public IP address SKUs, see public IP address.
  • Addresses from the range can only be assigned to Azure Resource Manager resources. Addresses cannot be assigned to resources in the classic deployment model.
  • All public IP addresses created from the prefix must exist in the same Azure region and subscription as the prefix, and must be assigned to resources in the same region and subscription.
  • You can't delete a prefix if any addresses within it are assigned to public IP address resources associated to a resource. Dissociate all public IP address resources that are assigned IP addresses from the prefix first.

Next steps